2016-05-02, 14:59
I'm pretty sure you are splitting hairs bro.
(2016-05-02, 15:11)trogggy Wrote:(2016-05-02, 15:10)MrMC Wrote: There is absolutely no reason for any addon to reach outside it's little box and screw around with the outside world.How about because that's what you want it to do?
(2016-05-02, 17:43)MrMC Wrote: I think some people seriously underestimate the number of malicious people out there that have zero morals. It is only a matter of time before the real bad guys start targeting this huge exploit.
(2016-05-02, 17:53)Koying Wrote:(2016-05-02, 17:43)MrMC Wrote: I think some people seriously underestimate the number of malicious people out there that have zero morals. It is only a matter of time before the real bad guys start targeting this huge exploit.
Those installing random Kodi addons from random places, I can imagine they are already virus and trojans ridden anyway
(2016-05-02, 18:01)Paranoidjack Wrote: I suspect so too - but it's near impossible to make them learn unless they're a victim of their own doing.
(2016-05-02, 17:43)MrMC Wrote:(2016-05-02, 15:11)trogggy Wrote:(2016-05-02, 15:10)MrMC Wrote: There is absolutely no reason for any addon to reach outside it's little box and screw around with the outside world.How about because that's what you want it to do?
I think some people seriously underestimate the number of malicious people out there that have zero morals. It is only a matter of time before the real bad guys start targeting this huge exploit. I can easily see the appearance of some addon that looks and smells like those out there now. Inside is a daemon that starts snooping the device and exploring your other devices inside your nice firewall'ed local network. Don't laugh, it is trivial to do this.
(2016-05-02, 19:28)jmh2002 Wrote: Even a trusted developer can decide to have a bit of a melt down for whatever reason (commonly it seems to be either other developers or ungrateful users upsetting them), throw all the toys out of the sandpit, and do something perhaps regrettable. This is also a concerning issue I think (rather than just addons that are perhaps clearly untrustworthy from the start).
Additionally, unfortunately Kodi's policy (which I understand is necessary) forces some addons to not be available in the official repo even if they are legitimate, or at least not malicious. This may also be region dependant of course as far as the user is concerned, since different policies and laws apply.
In fact if anything there seems to be a trend towards developers having their own repos and bypassing the official repo altogether, I guess for simplicity's sake, or something? I don't really know. Certainly some developers note that they appreciate the ability to more easily push regular updates/fixes from their own repo. I have a number of addons which I believe are legitimate as far as Kodi's policies are concerned, have threads here on kodi.org, and yet still require a separate private repo and therefore fall outside any protective screening which the official repo may offer.
This is a pity too.
(2016-05-02, 17:43)MrMC Wrote:I'm not laughing - but I'm not that worried either tbh.(2016-05-02, 15:11)trogggy Wrote:(2016-05-02, 15:10)MrMC Wrote: There is absolutely no reason for any addon to reach outside it's little box and screw around with the outside world.How about because that's what you want it to do?
I think some people seriously underestimate the number of malicious people out there that have zero morals. It is only a matter of time before the real bad guys start targeting this huge exploit. I can easily see the appearance of some addon that looks and smells like those out there now. Inside is a daemon that starts snooping the device and exploring your other devices inside your nice firewall'ed local network. Don't laugh, it is trivial to do this.